1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Google quietly released a security fix for a worrying Chrome zero

    From TechnologyDaily@1337:1/100 to All on Wed Jun 4 17:30:09 2025
    Google quietly released a security fix for a worrying Chrome zero-day flaw,
    so patch now

    Date:
    Wed, 04 Jun 2025 16:27:00 +0000

    Description:
    The Google Chrome flaw is apparently being abused in the wild, so update now or face the risks.

    FULL STORY ======================================================================Google Chrome fixes out-of-bounds read and write vulnerability in V8 It's being exploited in the wild, so be on your guard Chrome usually updates automatically, but it wouldn't hurt to check

    Google has patched a zero-day vulnerability recently discovered in its Chrome desktop browser which it says is being actively exploited in the wild, so users should apply the fix as soon as possible.

    The bug is described as an out-of-bounds read and write vulnerability present in V8, tracked as CVE-2025-5419, and has been given a severity score of 8.8 (high).

    V8 is an open source JavaScript engine used primarily in Chrome and Node.js. It was developed by Google, and powers many of todays key productivity apps, such as Google Docs, or Gmail. Forcing the update

    In theory, a threat actor could create a malicious website which would
    execute arbitrary code on the victims system while visiting. That could potentially lead to full system compromise, data theft, or additional malware deployment.

    The bug is fixed in version 137.0.7151.68, and users are advised to upgrade immediately. Patches are out for Windows, macOS, and Linux.

    Usually, Chrome updates automatically upon a new launch. However, users can
    do it manually by navigating to the Chrome menu > Help > About Google Chrome
    , checking for updates, and clicking the Relaunch button.

    The company said the vulnerability is being abused in the wild, but did not want to share additional details before the majority of Chrome browsers are updated, adding it was, aware that an exploit for CVE-2025-5419 exists in the wild.

    "Access to bug details and links may be kept restricted until a majority of users are updated with a fix," Google said. "We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed."

    This is the third Chrome zero-day vulnerability fixed in 2025, as two more were patched in March and May. In 2024, the company fixed a total of 10 zero-day flaws.

    Via BleepingComputer You might also like New Chrome flaw leaks sensitive information across websites - your data could already be in the wrong hands Take a look at our guide to the best authenticator app We've rounded up the best password managers



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/google-quietly-released-a-security-fix- for-a-worrying-chrome-zero-day-flaw-so-patch-now


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)